Endpoint Protection

i realize the max resolution on the pictures is pretty low so i included the noteworthy settings in the comments for each.

It looks like you have a group for each location, correct? And currently, each group is inheriting from the "PC Clients" group?

Have you had a look at the explicit GUP article:

http://www.symantec.com/docs/TECH198640

http://www.symantec.com/docs/TECH196741

You still need to check either the multiple or single GUP box in addition to the explicit GUP box

i do have a group for each location and at the moment they are not inheriting from the PC Clients Group, however the PC Clients group is inheriting from the My Company Group.

i went into the server update policy and checked multiple GUP in addition to the explicit, safe to assume i needed to define the servers again?

and im looking over those 2 links now. also, thanks i appreciate the help youve given so far.

I assume you do want to break inheritance, correct? This will allow you to manage each group independantly of one another, assigning different policies, etc.

Did the list stay intact, if not, you will need to re-define it.

i dont need the locations to have different policies unless that dictates their ability to inherit their live update policy. 

well, one of my counterparts was creating some of the location folders and some i created, i notice now that the ones he created are turned off from inheritance but mine are still inheriting. although when i look at his location folders i dont see a unique policy, still the same shared. so if theyre shared but not inheriting theyre not going to take that update i just made. 

im also seeing theyre putting the various IP ranges on separate rules with 'or' conditions, would having all my servers in the same rule somehow make it conflicting to where a client might think it has to meet each of the servers subnet as criteria? if so i can go in and remove that and add them individually. some of this i was instructed/shown how to do and that was one of them, if im being misinformed i will make the change and report it up so that we dont make that mistake again.

Correct

So for your screenshot on the GUPs, you have all those servers in the Multiple Group Update provider list..the multiple group update providers use a set of rules, or criteria, to elect themselves to serve groups of clients in their own subnets

See here:

http://www.symantec.com/docs/HOWTO80957

Was that intended or are they all in different locations? That's how I read it.

Each of those servers is physically located in the same building as the clients i want them to be the GUP for. i did intend to have everyone of them update for their own set of computers that lives on the same subnet as them. 

Ok, gotcha, just making sure I wasn't getting confused

would i be better served marking each of them individually as a single GUP? if i was to do so would i have to make a unique policy per location that specifies the one single GUP. again, thanks for the help. i was assigned this task as a learned experience and as part of a professional development goal but my partner ive been assigned with who has more intimate knowledge has been overly busy with some other tasks and hasnt had time to give me much advice.

No worries. Yea by doing that, you would need to create a policy for each (although can just copy the first one and edit the GUP name for the remaining)

http://www.symantec.com/docs/HOWTO80900

As an fyi, here is the SEP knowledgebase link:

http://www.symantec.com/business/support/index?page=productlanding&key=54619

Tons of good info!

i guess a little more background info wouldnt hurt. each of these servers located on site are being used as print and file servers for the users at each location. we'd been using symantec antivirus 10.x (forget the exact version) but about a month or two ago symantec basically emailed out saying that program has reach end of life and is no longer supported. whoever had initially deployed that regionally (about 550 workstations) is no longer with us so we dont have someone who has actually done it on staff. so being concerned that we would be eating too much bandwidth in each place with the live updates we opted to set up the local servers as GUPs. thus freeing up all of them updating from one location. physically deploying the clients hasnt been an issue, but getting the definitions to update as desired is. 

Gotcha. Are the clients just not updating at all or you're still trying to get things configured correctly?

the clients are updating their policies as per the schedule i defined, but when i look where theyre pulling the definitions from i do not see it as the local server, its just connecting to liveupdate.symantecliveupdate.com...

and when i go to help>troubleshooting>connection status it shows the virtual server that the SEP Manager is on instead of the local server on site. unless im totally missing something and that is normal, but i would think it would be connecting to the server not the symantec site.

shouldnt it reflect the GUP here?

and if not where do i look to find where its pulling definitions from.

when i check out the status of one of my servers it reflects that it is a GUP.

so i feel like the servers are properly configured as GUPs but somehow i can figure out why they dont pull policy updates from them. i checked Monitor with these settings:

and choosing one result:

CEWP7583 is my virtual server with SEP Manager on it.

It won't here. You need to check the System log on the SEP client

You can also check this article I wrote:

https://www-secure.symantec.com/connect/articles/sepm-121-advanced-settings-filter-options-client-activity-logs

You can filter on GUP events

Policy update always come from the SEPM. The GUP can only provide content updates, nothing else.

so the content updates will be just virus definitions and such?

Correct. Only content (definitions) for the various components that need them.

i somehow managed to miss your post about the article you wrote, so i looked up that log withe the clients and used the source as GUP and this is the result

now, only one of the location folders is directed at a single GUP the rest are set multiple. and the one that has it is the one on top that has the number of entries at 1.

so does that mean that this one location is behaivng properly?

Is that the correct server you setup via the policy?

reading more into your article. i ran that report with SYLINK

looks like they are pulling from the GUPs, but i guess it was my knowledge base that was lacking on how to find such reports. that screenshot from excel shows 3 separate locations there are more but i was trying to limit it.

and i recognize the IPs that theyre pulling from as the Local servers and pinged a few by name to check the IP response and they matched up. sending the excel version of that report to one of my counterparts to confirm to make sure im not crazy and making myself see what i want.

The client System log should also show an entry along the lines of "Downloaded content from GUP"